jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
10,516 Commits 33 Branches 583 Tags
b0bdfbd8703e157b50a5061d61fa96e554db4e3d
Commit Graph

785 Commits

Author SHA1 Message Date
Girish Ramakrishnan
b2fe43184c more changes 2020-12-22 10:13:17 -08:00
Girish Ramakrishnan
7bdeaca75b secure the provision and activation routes with a token 
fixes #751
 2020-12-21 23:33:31 -08:00
Girish Ramakrishnan
65290e52f7 persist update indicator across restarts 
part of #749
 2020-12-21 12:36:02 -08:00
Girish Ramakrishnan
9683bb6408 remove email notification for user add/remove 
it's just very noisy. we anyway raise notifications
 2020-12-21 08:45:18 -08:00
Girish Ramakrishnan
56707ac86a proxyauth: add 2fa 
Fixes #748
 2020-12-20 13:14:21 -08:00
Girish Ramakrishnan
eff9d378e5 nfs: chown the backups for hardlinks to work 2020-12-18 17:14:42 -08:00
Girish Ramakrishnan
a20bcbd570 mail: update haraka to 2.8.26 2020-12-17 17:57:19 -08:00
Girish Ramakrishnan
7d157b9343 Various 6.0.2 changes 2020-12-09 22:03:18 -08:00
Girish Ramakrishnan
f497d5d309 fix thp disable on kernels that have it disabled 2020-12-07 11:38:11 -08:00
Girish Ramakrishnan
51a165dc7a add changes 2020-12-07 00:04:14 -08:00
Girish Ramakrishnan
2a32bf3fc7 Add to changes 2020-12-03 21:58:27 -08:00
Girish Ramakrishnan
3de8fd5d92 fix issue where apps can sendmail with any username 
a valid password is still required for this to work
 2020-12-03 13:06:08 -08:00
Girish Ramakrishnan
0ec5714271 Add to changes 2020-12-02 09:46:13 -08:00
Girish Ramakrishnan
3934e59bd3 filemanager: allow downloading dirs as zip 2020-11-29 16:28:10 -08:00
Girish Ramakrishnan
213ce114e3 disable thp 
https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/

redis complains loudly and this oftens results in support requests
 2020-11-28 16:30:04 -08:00
Girish Ramakrishnan
ad8b9cfc9f mail: enable acl 2020-11-27 18:14:49 -08:00
Girish Ramakrishnan
25cc60e648 mail: change the namespace separator to / 2020-11-24 12:55:58 -08:00
Girish Ramakrishnan
aad50fb5b2 add routes to get/set solr config 2020-11-19 20:19:24 -08:00
Girish Ramakrishnan
7663360ce6 add to changes 2020-11-19 11:20:22 -08:00
Girish Ramakrishnan
0a3aad0205 Add httpPaths support 2020-11-19 11:02:53 -08:00
Girish Ramakrishnan
bd9c664b1a Free up port 53 
It's all very complicated.

Approach 1: Simple move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved with hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to bind to the make docker bind to the IP explicity.
It's unclear what will happen if the IP changes, maybe it needs a restart.
 2020-11-18 23:25:56 -08:00
Girish Ramakrishnan
064eff0ac1 add changes 2020-11-16 22:50:56 -08:00
Girish Ramakrishnan
8c0bd97064 mail: owner can be a group 2020-11-13 00:31:34 -08:00
Girish Ramakrishnan
71666a028b add support for protected sites 
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
https://gock.net/blog/2020/nginx-subrequest-authentication-server/
https://github.com/andygock/auth-server
 2020-11-10 01:06:39 -08:00
Girish Ramakrishnan
01e6301332 collectd: adjust collectd config when app is stopped and started 2020-11-09 10:37:22 -08:00
Johannes Zellner
13050f7bff Give log files better names on download 2020-11-09 11:07:16 +01:00
Girish Ramakrishnan
bedcd6fccf Disable the timeout altogether for chunk to upload 2020-11-06 14:47:14 -08:00
Girish Ramakrishnan
df8a71cd8b Each chunk can take up to 30 mins to upload 2020-11-06 00:05:53 -08:00
Girish Ramakrishnan
02eb362f37 Set the heap size with large backup memory limits 
I had to also give the server some more swap for the backup to succeed
 2020-11-05 16:06:12 -08:00
Girish Ramakrishnan
6a3df679fa Add volume management 
the volumes table can later have backup flag, mount options etc
 2020-10-28 15:31:21 -07:00
Johannes Zellner
03e49c59e2 Revert "more changes" 
This reverts commit d69af56c90.
 2020-10-28 16:16:10 +01:00
Girish Ramakrishnan
d69af56c90 more changes 2020-10-26 10:04:37 -07:00
Girish Ramakrishnan
37fa27d54f more changes 2020-10-22 10:04:27 -07:00
Girish Ramakrishnan
be4fed2c19 postgresql: whitelist pgcrypto extension for loomio 2020-10-22 08:56:55 -07:00
Girish Ramakrishnan
4881d8e3a1 Add option to allow non-admins to access SFTP 2020-10-21 23:38:13 -07:00
Girish Ramakrishnan
546e381325 skip downloading image if image present locally 
if we use build service app locally (without push), then we can skip
the download altogether.
 2020-10-19 22:22:29 -07:00
Girish Ramakrishnan
9d1bb29a00 sftp: Make extract work 2020-10-19 19:58:39 -07:00
Girish Ramakrishnan
876d0d5873 sftp: init and access API with a token 2020-10-19 19:13:54 -07:00
Girish Ramakrishnan
2aa5c387c7 branding: add template variables 
we can now have %YEAR% and %VERSION% in the footer
 2020-10-18 10:19:13 -07:00
Girish Ramakrishnan
9ca8e49a4e More changes 2020-10-15 16:46:22 -07:00
Girish Ramakrishnan
6ceed03f6b 5.6.3 changes 2020-10-12 21:09:47 -07:00
Girish Ramakrishnan
0064ac5ead reduce the duration of self-signed certs 
https://support.apple.com/en-us/HT210176
https://forum.cloudron.io/topic/3346/automatically-generated-self-signed-wildcard-certificate-doesn-t-appear-to-be-able-to-be-trusted-by-ios-13-or-greater
 2020-10-08 14:39:23 -07:00
Girish Ramakrishnan
b7ed6d8463 add changes 2020-10-05 21:32:25 -07:00
Girish Ramakrishnan
4176317250 Fix version in changes to prepare for 5.6.2 2020-10-05 12:45:12 -07:00
Girish Ramakrishnan
bbd562f711 Add changes 2020-10-04 16:40:47 -07:00
Girish Ramakrishnan
1eed16bc97 postgresql: set collation order explicitly 2020-10-01 12:04:52 -07:00
Girish Ramakrishnan
b4552ddb5f more changes 2020-09-29 14:46:52 -07:00
Girish Ramakrishnan
1da2450b10 gcs: use copy concurrency 2020-09-28 22:03:08 -07:00
Girish Ramakrishnan
9536b42244 Add changes 2020-09-28 10:27:34 -07:00
Girish Ramakrishnan
0f9168052a nginx: add separate endpoint for ip/setup screens 
'setup' endpoint for setup/restore. we show the setup wizard.
'ip' endpoint is post activation. we show a splash screen here.

Also, the https://ip will not respond to any api calls anymore
(since this will leak the admin fqdn otherwise).

We should probably make this customizable at some point.

Fixes #739
 2020-09-23 23:07:40 -07:00